CVE-2025-14558

Published Mar 9, 2026

Last updated 6 hours ago

CVSS high 7.2

Overview

Description
The rtsol(8) and rtsold(8) programs do not validate the domain search list options provided in router advertisement messages; the option body is passed to resolvconf(8) unmodified. resolvconf(8) is a shell script which does not validate its input. A lack of quoting meant that shell commands pass as input to resolvconf(8) may be executed.
Source
secteam@freebsd.org
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.2
Impact score
5.9
Exploitability score
1.2
Vector string
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

secteam@freebsd.org
CWE-20

Social media

Hype score
Not currently trending

  1. A severe vulnerability was disclosed for FreeBSD (CVE-2025-14558) https://t.co/POdzujyXIY

    @vuldb

    9 Mar 2026

    66 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. #Linux #VulnerabilityReport FreeBSD Network Alert: Malicious IPv6 Packets Can Trigger Remote Code Execution via resolvconf (CVE-2025-14558) https://t.co/YjLfxMHAgm

    @Komodosec

    25 Jan 2026

    83 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  3. ⚠️⚠️ CVE-2025-14558: FreeBSD rtsold - Remote Code Execution 🔥PoC: https://t.co/TZFdw3EcFy 🔗FOFA Link: https://t.co/6RPBziv6nF 🎯1.32m+ Results are found on the https://t.co/pb16tGXCUG nearly year. FOFA Query: app="freeBSD" 🔖Refer: https://t.co/eAXSZ1Ap0Z #OSINT

    @fofabot

    23 Dec 2025

    2951 Impressions

    19 Retweets

    58 Likes

    22 Bookmarks

    1 Reply

    2 Quotes

  4. GitHub - JohannesLks/CVE-2025-14558 https://t.co/Owwn3Do4JM

    @akaclandestine

    21 Dec 2025

    4469 Impressions

    11 Retweets

    38 Likes

    27 Bookmarks

    0 Replies

    0 Quotes

  5. New FreeBSD Zero-Day (CVE-2025-14558) Allows Unauthenticated RCE via Malicious IPv6 Router Advertisements Read the full report on - https://t.co/7bGmTckATn https://t.co/sdmMOQ1xiw

    @cyberbivash

    21 Dec 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. GitHub - JohannesLks/CVE-2025-14558 - https://t.co/dWnWfJ7uaf

    @piedpiper1616

    21 Dec 2025

    631 Impressions

    0 Retweets

    3 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  7. PfSense and pfSense+ vulnerable to @FreeBSD CVE-2025-14558. Info, recommended Netgate actions, and guide. #pfSensd #pfSensePlus #FreeBSD #CVE https://t.co/zGhZk9Vcrk

    @sheridancompute

    19 Dec 2025

    148 Impressions

    3 Retweets

    1 Like

    1 Bookmark

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.